Multi-tenancy
Posted: Wed Jan 11, 2012 7:14 am
by kariroman
Hi, some users/contacts I've created in Nagios XI don't see the hosts/services they are authorized for (as members of a contact group) in Nagios XI, but they see the subset of hosts/services correctly in Nagios. What could it be?
Regards, Kari
Re: Multi-tenancy
Posted: Wed Jan 11, 2012 10:19 am
by mguthrie
What version of XI are you running?
Try:
service nagios stop
killall -9 nagios
service nagios start
service ndo2db restart
I'm wondering if ndoutils somehow failed to sync properly with the new configuration change.
Re: Multi-tenancy
Posted: Wed Jan 11, 2012 10:32 am
by kariroman
Hi, I've tried to restart, without success. Running Nagios XI 2011R1.9 on a CentOS VM. I'm using the Active Directory component, if it matters, but have tried disabling it as well. What I'm getting (randomly, as far as I can see): one user in a particular contact group is seeing everything belonging to the group both in Nagios and Nagios XI, while the other one sees it just in Nagios.
Regards, Kári.
Re: Multi-tenancy
Posted: Wed Jan 11, 2012 1:19 pm
by lmiltchev
Did you create both users through: Admin->Users->Manage Users->Add New User? Did you select the "Create as Monitoring Contact" checkbox for both (or neither) of them? Any differences in the "Security Settings", "Authorization Level", etc.?
Re: Multi-tenancy
Posted: Thu Jan 12, 2012 4:14 am
by kariroman
Yes - Admin->Users->Manage Users->Add New User. Both users are just Users without anything additional. If I mark "Can see all hosts and services", the user begins to see all hosts and services in Nagios and Nagios XI right away; take it back, and it's the authorized hosts/services for one user, nothing for the other in Nagios XI. After playing with it for a while I've also seen additional hosts/services appear in Nagios XI which the user is not authorized for (temporarily), so multi-tenancy looks very compromised to me in the Nagios XI environment, which is very disappointing - we are going to use Nagios XI in a hosting environment and give access to many different customers.
Re: Multi-tenancy - more (serious) errors
Posted: Thu Jan 12, 2012 7:39 am
by kariroman
Hi, here come screenshots of the host details view, which shows the right set of hosts, but the service details view (as well as bbmap and minemap) shows additional hosts/services for which the user has no authorization (names hv* - authorized for, iceko* - not authorized for). The same services view in Nagios for the same user shows the right subset of hosts/services.
So to summarize - not only do some users see nothing in Nagios XI, but the rest of them see additional services they are not authorized for. Everything works as expected in the Nagios environment.
This is a very serious problem!
Regards, Kári
Re: Multi-tenancy
Posted: Thu Jan 12, 2012 1:29 pm
by nscott
kari,
Are there certain hosts that are always "right"? As in, they always show up for users when they are supposed to? And conversely, are there other hosts that seem to show up for the wrong users? If so, could you send us a few more screenshots of the Core Config Manager > (Offending Host) > Alert Settings page?
Re: Multi-tenancy
Posted: Thu Jan 12, 2012 2:05 pm
by lmiltchev
I tested a "similar scenario" and found out that multi-tenancy worked like it was supposed to - I didn't have any issues with my setup.
I was able to recreate your problem ONLY when I assigned BOTH of my test users to the same contact group AND added this contact group to a service (let's call it "test-service"; it is associated with a host that ONLY user1 is authorized to see!!!) that user1 IS authorized to see but user2 is NOT. Results:
Logged in as user1:
In Home->Details->Host Detail
- user1 can see all of the hosts he/she is authorized for
In Home->Details->Service Detail
- user1 can see all of the services he/she is authorized for
In BBmap
- user1 can see all of the hosts/services he/she is authorized for
In Minemap
- user1 can see all of the hosts/services he/she is authorized for
Logged in as user2:
In Home->Details->Host Detail
- user2 can see all of the hosts he/she is authorized for
In Home->Details->Service Detail
- user2 can see all of the services he/she is authorized for
- user2 can also see the test-service he/she is NOT authorized for
In BBmap
- user2 can see all of the hosts/services he/she is authorized for
- user2 can also see the test-service he/she is NOT authorized for
In Minemap
- user2 can see all of the hosts/services he/she is authorized for
- user2 can also see the test-service he/she is NOT authorized for
I believe you have to double check your configuration and make sure that your users are NOT somehow associated with the same services via a common contact group. There could be more possible scenarios - Nagios gives you great flexibility in configuring hosts/services, but this could lead to great complexity.
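Added example (not part of the original thread, and not Nagios's own code): a small audit of Nagios object definitions that lists contacts who reach a service through a service-level contact or contact group without being a contact of that service's host, the overlap described in the post above. It assumes flat definitions with one host_name per service and no template (use) or hostgroup inheritance; the sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample: shared contact group on a service of a user1-only host.
SAMPLE_CFG = """
define contactgroup {
    contactgroup_name   cg-shared
    members             user1,user2
}
define host {
    host_name           hv01
    contacts            user1
}
define service {
    host_name           hv01
    service_description test-service
    contact_groups      cg-shared
}
"""

def parse_objects(text):  # -> [(type, {directive: value})] per define block
    objs = []
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            parts = line.split(";", 1)[0].split(None, 1)  # drop ';' comments
            if parts and not parts[0].startswith("#"):
                attrs[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objs.append((kind, attrs))
    return objs

def names(value):
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def contacts_of(attrs, groups):  # direct contacts + contact-group members
    who = names(attrs.get("contacts"))
    for g in names(attrs.get("contact_groups")):
        who |= groups.get(g, set())
    return who

def cross_tenant_services(text):
    """Contacts authorized for a service but not for the service's host."""
    objs = parse_objects(text)
    groups = {a["contactgroup_name"]: names(a.get("members"))
              for k, a in objs if k == "contactgroup"}
    hosts = {a["host_name"]: contacts_of(a, groups)
             for k, a in objs if k == "host"}
    return sorted((c, a["host_name"], a["service_description"])
                  for k, a in objs if k == "service"
                  for c in contacts_of(a, groups) - hosts.get(a["host_name"], set()))
```

Each returned tuple is (contact, host, service); an empty list means no contact sees a service on a host they are not also a contact for.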
Re: Multi-tenancy
Posted: Fri Jan 13, 2012 5:02 am
by kariroman
1. As I was saying before - everything works fine in the Nagios GUI but not in Nagios XI - so it's very unlikely to be a configuration problem in my opinion, but -
2. I have only a few users/contacts and contact groups at the moment, so it's easy to check. I've gone over the config files/config in CCM - everything looks right to me
my scenario is -
user A and user B are created in Nagios XI as users without any additional privileges + as contacts
group CG was created in CCM and user A and user B were added to the group
CG group was selected as contact group for (and ONLY) host 1-5 and for services belonging to the hosts 1-5 as contact group under alert settings in CCM
As a result user A and user B see everything correctly in Nagios GUI but in Nagios XI -
user A sees hosts 1-5 and all services belonging to the hosts 1-5 PLUS a few random services user A doesn't have access to
user B sees nothing
I can give you access to Nagios XI if you can assist me better that way - have to fix that ASAP.
Regards, Kari
P.S. If I click on "can see all hosts and services" in user management for user B, all hosts and services appear immediately in both the Nagios and Nagios XI GUI; uncheck it, and again it's the authorized hosts/services in Nagios, nothing in Nagios XI
Re: Multi-tenancy
Posted: Fri Jan 13, 2012 12:07 pm
by mguthrie
Can you send us either a PM or email [email protected] with a Configuration Snapshot tarball? Access this from the Admin->Config Snapshots page.